North Korean hackers have become the crypto industry's biggest nightmare! 76% of all stolen funds this year have fallen into Pyongyang's pockets.
區塊客 · 2026-05-01 09:08:05 · Hot


Original title (Chinese, translated above): 北韓駭客成幣圈最大夢魘!今年「76% 被盜資金」全落入平壤口袋
Full article, automatically extracted by trafilatura and translated by Gemini (1693 words)
According to a new report from blockchain intelligence firm TRM Labs, North Korean hacker groups looted approximately $577 million in the crypto space in just the first four months of 2026, accounting for 76% of total global crypto losses from hacks during the same period. The bulk of this loss stems from two major hacking incidents in April: the liquid restaking protocol Kelp DAO ($292 million lost) and the decentralized derivatives exchange Drift Protocol ($285 million lost). TRM pointed out that while these two cases account for only 3% of the total number of attacks in the first four months of this year, they represent the vast majority of the total value stolen. The report attributes the Kelp DAO attack to the notorious "TraderTraitor" cluster, which has close ties to the Lazarus Group, while the Drift attack was carried out by another North Korean hacking cell that has not yet been fully exposed.

Physical Infiltration and Technical Manipulation: Drift Emptied in 12 Minutes via a "Long Con"

TRM revealed that the Drift attack was not a short-term raid but a sophisticated infiltration operation spanning several months. North Korean operatives engaged with the Drift team through multiple in-person meetings. Starting March 11, they began staging the attack, including creating "durable nonce accounts" on Solana (which allow transactions to be pre-signed and submitted later) and inducing multi-sig members of the Drift Security Council to pre-authorize transactions. The fatal blow came on April 1. Just days after Drift changed the Security Council's signing requirement to a "2/5 threshold" and removed the timelock (the mandatory waiting period between a transaction being submitted and executed), the hackers triggered 31 pre-signed withdrawal instructions within 12 minutes, rapidly draining the funds. The stolen assets have since been bridged to Ethereum and remain dormant to this day.

Direct Attack on Underlying Infrastructure: The Fall of Kelp DAO

In contrast to the social engineering trap used against Drift, Kelp DAO fell to a technical attack. The hackers identified an architectural weakness in the "single validator" configuration of the cross-chain messaging protocol LayerZero. By compromising RPC (Remote Procedure Call) infrastructure, they tampered with the cross-chain verification logic; after forcing the system to hand verification authority to hacker-controlled nodes, they looted over 116,000 rsETH. Although Arbitrum officially froze some assets, the hackers quickly laundered and moved most of the funds through infrastructure such as the cross-chain liquidity protocol THORChain.

TRM data shows that the share of global cryptocurrency theft attributed to North Korean hackers is climbing at an alarming rate: from less than 10% in 2020 and 2021, it rose to 22% in 2022, 37% in 2023, 39% in 2024, 64% in 2025, and has hit a record 76% so far this year. According to TRM statistics, the cumulative amount of cryptocurrency stolen by North Korean hackers since 2017 exceeds $6 billion.

The report notes that the 2025 mega-hack of the cryptocurrency exchange Bybit, which resulted in a $1.46 billion loss, was a major turning point in the modus operandi of North Korean hackers. Since then, these state-sponsored elite hackers have shifted from "spray and pray" attacks to high-value "fat targets," focusing specifically on critical infrastructure such as bridges and multi-sig governance systems to ensure a single, decisive strike.

Money Laundering Tactics: Long-term Dormancy vs. Rapid Underground Liquidation

The Drift and Kelp DAO cases highlight the divergence in North Korean money laundering techniques. The hackers in the Drift case are extremely patient: since the funds were moved to Ethereum, they have remained untouched. Experts believe they may intend to "park" the funds for months or even years, waiting for the heat to die down before cashing out through complex, multi-stage operations. In contrast, the hackers behind the Kelp DAO case prioritized speed, quickly converting funds into Bitcoin via THORChain and handing the subsequent laundering off to underground money laundering intermediaries in China.

Faced with this increasingly rampant threat, TRM urges major platforms to upgrade compliance monitoring immediately. Priority defenses should include: strictly monitoring cross-chain funds flowing through THORChain, strengthening "multi-hop" transaction tracking for cross-chain bridge infrastructure, and strictly screening deposit paths related to Solana governance, especially transactions involving durable nonce mechanisms. In addition, TRM strongly recommends that the industry actively join cross-platform joint defense mechanisms such as the Beacon Network. Once a North Korean hacker's wallet address is identified, it can trigger rapid cross-platform joint alerts, effectively cutting off the hackers'
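The Drift chain of events described above (signing threshold lowered, timelock removed, pre-signed durable-nonce withdrawals fired in a burst) maps onto three checks that a governance or compliance monitor can run. The Python below is an added example written for this page, not code from Drift, Solana, TRM Labs or the article's author; the event schema, field names, "VaultProgramPlaceholder" program name and sample records are constructed for illustration. The one real protocol detail it relies on is that a Solana durable-nonce transaction begins with the System Program's AdvanceNonceAccount instruction (System Program id 11111111111111111111111111111111, instruction index 4), which is what makes "pre-signed long ago, submitted now" detectable at submission time.

```python
"""Governance and transaction checks modelled on the Drift attack chain described above.

Constructed example for this page: the event schema, field names, sample records and
the vault program name are assumptions, not Drift's, Solana's or TRM Labs' code. The
only real protocol detail used is that a Solana durable-nonce transaction must start
with the System Program's AdvanceNonceAccount instruction.
"""
from datetime import datetime, timedelta

SYSTEM_PROGRAM_ID = "11111111111111111111111111111111"  # Solana System Program (real id)
ADVANCE_NONCE_ACCOUNT = 4  # SystemInstruction index of AdvanceNonceAccount (real value)


def governance_alerts(old, new):
    """Flag multi-sig configuration changes that reduce the effort an attacker needs."""
    alerts = []
    if new["threshold"] < old["threshold"]:
        alerts.append(
            f"signing threshold lowered from {old['threshold']}/{old['signers']} "
            f"to {new['threshold']}/{new['signers']}"
        )
    if old["timelock_seconds"] > 0 and new["timelock_seconds"] == 0:
        alerts.append("execution timelock removed")
    return alerts


def uses_durable_nonce(tx):
    """True if the first instruction is AdvanceNonceAccount, i.e. the transaction was
    built with a durable nonce and may have been signed long before it was submitted."""
    instructions = tx.get("instructions", [])
    if not instructions:
        return False
    first = instructions[0]
    return first["program"] == SYSTEM_PROGRAM_ID and first["index"] == ADVANCE_NONCE_ACCOUNT


def withdrawal_burst(txs, window=timedelta(minutes=15), min_count=5):
    """Return the largest group of withdrawals inside one sliding time window,
    or an empty list when no group reaches min_count."""
    times = sorted(datetime.fromisoformat(t["time"]) for t in txs if t["kind"] == "withdrawal")
    best, start = [], 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        if end - start + 1 > len(best):
            best = times[start:end + 1]
    return best if len(best) >= min_count else []


def review(old_config, new_config, txs):
    """Combine the three checks into one report dictionary."""
    nonce_withdrawals = [
        t["id"] for t in txs if t["kind"] == "withdrawal" and uses_durable_nonce(t)
    ]
    return {
        "governance": governance_alerts(old_config, new_config),
        "durable_nonce_withdrawals": nonce_withdrawals,
        "burst_size": len(withdrawal_burst(txs)),
    }


# Constructed sample data: a council change followed by a burst of pre-signed withdrawals.
OLD_CONFIG = {"threshold": 3, "signers": 5, "timelock_seconds": 86_400}
NEW_CONFIG = {"threshold": 2, "signers": 5, "timelock_seconds": 0}


def _nonce_tx(tx_id, minute):
    """Build one constructed withdrawal whose first instruction advances a durable nonce."""
    return {
        "id": tx_id,
        "kind": "withdrawal",
        "time": f"2026-04-01T10:{minute:02d}:00",
        "instructions": [
            {"program": SYSTEM_PROGRAM_ID, "index": ADVANCE_NONCE_ACCOUNT},
            {"program": "VaultProgramPlaceholder", "index": 7},  # hypothetical vault withdraw
        ],
    }


SAMPLE_TXS = [_nonce_tx(f"wd-{i}", i) for i in range(6)] + [
    {"id": "dep-0", "kind": "deposit", "time": "2026-04-01T09:30:00",
     "instructions": [{"program": "VaultProgramPlaceholder", "index": 1}]},
]

if __name__ == "__main__":
    for key, value in review(OLD_CONFIG, NEW_CONFIG, SAMPLE_TXS).items():
        print(f"{key}: {value}")
```

Each check is deliberately independent: a lowered threshold or a removed timelock is worth an alert on its own even when no withdrawal follows, and a durable-nonce withdrawal is worth a closer look even when the council configuration is unchanged, because the nonce mechanism is exactly what lets a signature collected months earlier be replayed the moment the safeguards come off.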
Republished on Feel.Trading; original article by 區塊客, published 2026-05-01 09:08:05.